TY - GEN
T1 - An Anti-pattern for Misuse Cases
AU - Torabi Dashti, Mohammad
AU - Radomirović, Saša
PY - 2018
Y1 - 2018
N2 - Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed “orphan misuses.” Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.
AB - Misuse case analysis is a method for the elicitation, documentation, and communication of security requirements. It builds upon the well-established use case analysis method and is one of the few existing techniques dedicated to security requirements engineering. We present an anti-pattern for applying misuse cases, dubbed “orphan misuses.” Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. Common symptoms include implementation-dependent threats and overly general, vacuous mitigations. We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.
UR - http://www.scopus.com/inward/record.url?scp=85041509172&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-72817-9_16
DO - 10.1007/978-3-319-72817-9_16
M3 - Conference contribution
AN - SCOPUS:85041509172
SN - 9783319728162
T3 - Lecture Notes in Computer Science
SP - 250
EP - 261
BT - Computer Security. SECPRE 2017, CyberICPS 2017
PB - Springer
T2 - 1st International Workshop on Security and Privacy Requirements Engineering 2017
Y2 - 14 September 2017 through 15 September 2017
ER -